Not discrediting Open Source Software, but nothing is 100% safe.

  • theblueredditrefugee@lemmy.dbzer0.com
    link
    fedilink
    English
    arrow-up
    7
    arrow-down
    1
    ·
    1 year ago

    Closed source software can still be audited using reverse engineering techniques such as static analysis (reading the disassembly) or dynamic analysis (using a debugger to walk through the assembly at runtime) or both.

    How are you going to do that if it’s software-as-a-service?

    • Dr. Jenkem@lemmy.blugatch.tube
      link
      fedilink
      English
      arrow-up
      13
      ·
      1 year ago

      See the first bullet point. I was referring to any code that is distributed.

      Yeah, there’s no way to really audit code running on a remote server with the exception of fuzzing. Hell, even FOSS can’t be properly audited on a remote server because you kind of have to trust that they’re running the version of the source code they say they are.

      • EuphoricPenguin@normalcity.life
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        You can always brute force the SSH login and take a look around yourself. If you leave an apology.txt file in /home, I’m sure the admin won’t mind.

          • EuphoricPenguin@normalcity.life
            link
            fedilink
            English
            arrow-up
            1
            ·
            edit-2
            1 year ago

            That’s not universally true, at least if you’re not on the same LAN. For example, most small-scale apps hosted on VPSs are typically configured with a public-facing SSH login.